Kata Containers - Guests can trick the kata-runtime into unmounting any mount point on the host
CVE-2020-2024

6.5MEDIUM

Key Information:

Vendor: Kata Containers
Status: Kata Containers
Vendor: CVE Published:; 19 May 2020

🔔 Create Kata Containers Vulnerability Alert

What is CVE-2020-2024?

An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS.

Affected Version(s)

Kata Containers < 1.11.0

References

https://github.com/kata-containers/runtime/issues/2474

x_refsource_MISC

https://github.com/kata-containers/runtime/pull/2475

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2020
Vulnerability Reserved
Dec 4, 2019

Credit

Yuval Avrahami, Palo Alto Networks

CVE-2020-2024 Data

JSON